Recent site activity

Rainbow Tables

NOTE: If you download the rainbow-tables you need to also download the associated dictionary file and rules file to make it work. For most of the tables the files are basic_rules, and dic-0294. I apologize I should have saved them in the first cfg tgz for each table but I was trying to save space. My bad.

Overview:

This page is dedicated to our dictionary based rainbow table password cracker, (known as drcrack). The original source code is based off of rcrack written by Zhu Shuanglei.

As stated, dcrack allows the creation and use of dictionary based rainbow tables. If you are unfamiliar with rainbow tables a good reference is the original rcrack homepage. Normally rainbow tables are generated based on a brute force type approach. For example, you could create a rainbow table that would attempt to crack all passwords of length one through six, containing alphanumeric characters. A further refinement developed by the people over at http://www.freerainbowtables.com is the mixed rainbow table. An mixed rainbow table allows you to create tables by defining brute force rules such as "the first six characters should be letters, and the last two characters should be numbers". Dictionary based rainbow tables, such as those generated by drcrack, on the other hand allow you to create pre-generated hash tables based on dictionary words and common word mangling rules, such as "P@ssword12".

All three methods are very useful. With the inclusion of drcrack, we feel that most password cracking against unsalted hashes can be done using pre-generated tables. Aka, an attacker can use traditional rainbow tables for pure-brute force password audits, indexed tables to expand their brute force attacks, and dictionary based tables to cover their normal dictionary based attacks.

Features:

Menu based rule generator

Config files -table generation info is no longer stored in the filename!!

Multi-threaded support for multi-core CPUs, (Linux and MacOSX only)

Various other performance tweaks such as using optimized hashing functions for the most common password hashes, (goodbye openssl).

-Changes: Removed some debugging code from the multi-threaded rainbow table creator. You should see a significant increase in performance now

-Added the ability to specify your own salt values for mscache and oracle password hashes.

-As an addendum to the above point, any tables created with drtgen 1.03 will not work with previous versions. Don't worry, all the old tables still work with the new version.

-Completely changed the command line format for drtgen to help avoid confusion, and hopefully make it easier to use

-Added the -bench option to help predict how long a table will take to create.

-Lots of other internal tweaks and code cleanup

-Once again, if you notice any new, (or old), bugs please let me know

Version 1.01:

-Changes: Fixed an issue with the makefile that caused the program to not compile on some systems, (aka capitalized Public.cpp)

-Special thanks to the person who pointed this out

Version 1.0:

After over a year and a half, we finally are ready to deploy our release version. Why so long? Well originally we were going to present it at Shmoocon08 but we didn't have the tables done in time. Then we decided to publish a paper on it, other stuff came up (check out our pcfg password generator), optimized the algorithm which invalidated all our old tables, etc. It's done though, and we are pretty proud of it. There's sure to be bugs, so if you have any suggestions or find any mistakes, please let us know.

Installation/Configuration (Linux, MacOSX):

1. Download and untar the source files2. make

Creating Rule Files:

1. run ./dr_rules2. Specify the appropriate configuration options

-Option (1) modifies the character sets.Use this to add support for different languages, or to modify which numbers/special characters to use in the word mangling rules

-Option (2) allows you to create word mangling rules.For example, add two numbers to the end of the dictionary word, and replace ‘a’ with an ‘@’.

3. Save your settings.

-Option (3)creates a rules file that can be used to generate a dictionary based rainbow table.

-Note:you can load this saved file into dr_rules at a later point if you wish to make any changes